Total: 12999 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29275 | | | 2024-08-02 | 9.8 Critical |
SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. | ||||
CVE-2024-29232 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29233 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29234 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29235 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29239 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29320 | | | 2024-08-02 | 8.1 High |
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. | ||||
CVE-2024-29238 | | | 2024-08-02 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29169 | | | 2024-08-02 | 5.4 Medium |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | ||||
CVE-2024-29001 | | | 2024-08-02 | 7.5 High |
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | ||||
CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.5 High |
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | ||||
CVE-2024-28559 | | | 2024-08-02 | 8.8 High |
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. | ||||
CVE-2024-28556 | | | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. | ||||
CVE-2024-28558 | | | 2024-08-02 | 8.8 High |
SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php. | ||||
CVE-2024-28395 | | | 2024-08-02 | 9.8 Critical |
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. | ||||
CVE-2024-28322 | 1 Puneethreddyhc | 1 Event Management | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request. | ||||
CVE-2024-28279 | 1 Code-projects | 1 Computer Book Store | 2024-08-02 | 7.3 High |
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. | ||||
CVE-2024-28107 | | | 2024-08-02 | 8.8 High |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6. | ||||
CVE-2024-28094 | | | 2024-08-02 | 8.8 High |
Chat functionality in the Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection, enabling authenticated attackers to read, modify, and delete database records. | ||||
CVE-2024-27940 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-08-02 | 8.8 High |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database. |